CVEs (1,463, showing first 500)
Showing 426–450 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-42839 | NONE | | — | 2026-06-03 | An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger … |
| CVE-2026-42824 | MEDIUM | | 6.5 | 2026-06-04 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-42795 | NONE | | — | 2026-06-02 | Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection he… |
| CVE-2026-42685 | HIGH | | 7.1 | 2026-06-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job P… |
| CVE-2026-42684 | CRITICAL | | 9.3 | 2026-06-02 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP… |
| CVE-2026-42670 | HIGH | | 7.5 | 2026-06-02 | Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Lev… |
| CVE-2026-42669 | HIGH | | 7.5 | 2026-06-02 | Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0. |
| CVE-2026-42654 | HIGH | | 7.1 | 2026-06-02 | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects… |
| CVE-2026-42547 | MEDIUM | | 5.4 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for … |
| CVE-2026-42543 | MEDIUM | | 4.3 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site r… |
| CVE-2026-42540 | MEDIUM | | 4.3 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in … |
| CVE-2026-42539 | MEDIUM | | 6.5 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the use… |
| CVE-2026-42538 | MEDIUM | | 6.3 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploade… |
| CVE-2026-42536 | HIGH | Patched | 7.5 | 2026-06-08 | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 th… |
| CVE-2026-42535 | NONE | Patched | — | 2026-06-08 | A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing c… |
| CVE-2026-42507 | MEDIUM | | 5.3 | 2026-06-02 | When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to err… |
| CVE-2026-42504 | HIGH | | 7.5 | 2026-06-02 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. |
| CVE-2026-42342 | HIGH | Patched | 7.5 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted reques… |
| CVE-2026-42329 | MEDIUM | | 4.7 | 2026-06-04 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an atta… |
| CVE-2026-42321 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked … |
| CVE-2026-42320 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the… |
| CVE-2026-42318 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can… |
| CVE-2026-42317 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the… |
| CVE-2026-42211 | HIGH | Patched | 8.1 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code exe… |
| CVE-2026-42074 | CRITICAL | Patched | 9.8 | 2026-06-02 | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exp… |